Help us improve the AWS re:Post Knowledge Center by sharing your feedback in a brief survey. Your input can influence how we create and update our content to better support your AWS journey.
Disabling access to non AWS services via VPC endpoints
Is there a way we can prevent creation of VPC Endpoints in AWS PrivateLink for non AWS Services?. Customer looking to whitelist PrivateLink and want to make sure that no one can connect to non AWS services using PrivateLink. The condition key in the IAM policy ec2:VpceServiceName should work but wouldn't that prevent even the Admin to create any endpoint for non AWS Services?.
- Tags
- AWS PrivateLink
- Language
- English
- Newest
- Most votes
- Most comments
You could add a condition on the permissions on "CreateVpcEndpoint" endpoint where the ServiceName does not contains "com.amazonaws.vpce" which would block creating endpoints for customer created endpoint services.
Relevant content
- asked 6 months ago
- asked 5 years ago
- asked 6 months ago
- asked 2 years ago
